I installed TFS on a single W7 machine with a single user (me).
After creating a collection, I am unable to access it or to administer its security: It asks me for credentials. However, since I created the collection and there is only one user, I am stuck.
I am thinking it may fail because it's a single machine without domain (and therefore uses NTLM)
Has anyone been able to use TFS on a single non domain machine?
MSDN article says that it is a bit tricky to use TFS without domain, but possible:
Local user accounts must be created on
the Team Foundation server for all
users requiring access to the server.
Local user accounts must be added to
Team Foundation Server server-level
and project-level groups so that the
users are authorized on the Team
Foundation server. When connecting
from a Team Foundation client, such as
Team Explorer, in the workgroup, the
client user account credentials must
match those of the server, or the user
will be prompted for a user name and
password for an account on the Team
Foundation Server.
Related
We have an office add-in manifest which we published to our organization app catalog. We have external users who can use these apps and our SharePoint is configured to authenticate these users (No Single Sign On). We also don't want to publish these manifests to Microsoft store also.
On the Excel, if the user tries to access the app catalog manifests from the Trusted Catalog location configured it shows access denied and there are no login page being displayed. The same behavior can be observed if the user is signed out of Excel and tries to access a manifest from office 365.
As we work with multiple organization, how can we support login to our catalog from different users?
The cross organization add-in/catalog access doesn't seem to be supported. Office store is meant to address this exact scenario where add-ins need to be distributed across organizations with the right level of authorization. So, that may be something you want to consider.
I have created a Windows Server 12 VM on Azure platform. And I created Ftp server on IIS server in the VM. The Ftp server is publically accessible using all users accounts. Currently I have only admin user account. I am trying to create couple of more user accounts & Ftp servers and assign each user to specific Ftp server.
I tried to create user account via Control Panel\All Control Panel Items\Administrative Tools->Local Users and Group->New User, but it does not allow me to progress. It just throws unknown error.
Any idea over how shall I create new user account so that it can be publically used for Ftp service authentication?
I finally managed to create new user from Control Panel\All Control Panel Items\Administrative Tools->Local Users and Group->New User.
The unknown error was thrown because of password was not strong and entered invalid chars in Description, Full name textboxes. The error message from Win Server did not help at all.
I want to set up a website on Azure according to the following requirements and are wondering if it is even possible?
As a internal team member, I must be able to login to the site with Windows Authentication
As a external customer, I must be able to login to the site with user name and password
As a external customer, I must not be able to access a subset of the site
As a unauthorized user, I must not be able to access anything on the site
I guess I have to set up a VPN connection between Azure and the Active Directory in my company. How do I do that?
Is it at all possible to meet my requirements?
Background Information
We are a small project with about 10 team members.
We have four large customers who need access to the site, and there are a few people in each customer who needs to have access to the site.
Customers will just have read only access to static, non-sensitive information.
The team members will have write access, and will also handle some sensitive information.
** Edit **
I have now managed to create efficient synchronization of our projects local AD to Azure, thanks user18044. Unfortunately, the accounts for the team members is located in the company's AD (corp.mycompany.com), and out AD has one-way trust with it.
We have groups in the project-AD pointing to our accounts in the company's AD, but the members in the groups is not synchronizing over to Azure.
Can this be solved?
Yes, I think what you are describing is doable.
Your first two bullet points are about authentication. As Azure Active Directory does not directly support Windows Authentication, federation is the way to go here.
When you as an internal team member log on, you land on what is called a home-realm discovery page, where you pick the realm you want to authenticate in. Picking the realm of your company, you get redirected to the STS (for example ADFS) your company has set up to authenticate you. If you are in the same Windows Active Directory network as the STS is authenticating against, you should be able to use Kerberos to be issued a token.
An external customer would be redirected to another STS that would use forms authentication against a credential store to issue security tokens.
Both security tokens are then posted back to Azure Active Directory which is configured to trust both STS's and issues a token of its own. See here for an example.
As for the second two bullets, the authorization part you can do based on roles you assign to your users. Depending on which STS authenticated your user, you assign them a certain role. Based on that role you can give access to certain parts of your website or not. How to implement this depends on what stack you are using for your web application, but a Google search should give you some leads.
I installed SharePoint Foundation on Windows 7 Home to use locally only. I don't ever intend to expose this publicly, so I want to use anonymous access for everything but am unable to do so. I keep getting "401 UNAUTHORIZED" errors when I go to the central admin site. I have a different, ASP-based website on the same computer that anonymous access works just fine for, so I believe this is SharePoint related but don't know how.
I enabled anonymous access for all three SharePoint web sites, first using the Application Pool Identity and then a Specific User (with admin rights), but still no luck. I set all the Application Pool Identities to first "Local System", and then to a specific user (with admin rights) and still no luck.
I've seen other posts on this issue, but nothing else works for me.
I don't think you can enable Anonymous access for the Central Administration site - just the non-admin sites.
I've imported a bunch of users into my Active Directory with some custom fields. Then I did a profile import from Active Directory to Sharepoint with all the custom fields and regular fields. After this, I needed each user to be in a site collection with a MySite set up for them. I did that by writing some code that ensured the user existed and then checked the profile attribute "personalspace" to see if a MySite had been created. Everything worked great until some of the users needed to login from outside the network.
I'd like to get rid of the windows authentication pop-up that a user would get if they hit from outside the network (or haven't added the site to their trusted zone in IE). I've extended my web application to create an internet zone. Then I edited the web.config of the internet site to do active directory forms authentication, along with editing the Central Administrator's web.config so that it can see the data source. This is all well and good, the user can login through a nice interface. The only problem is that now the user is detached from their user profile. Essentially Sharepoint views a windows authentication user and a forms authenticated user as two separate users.
Is there a way to link the profiles? Do I have to write a custom membership provider to log a user in and then link them up to their windows account? Is there a way to log a user in from the internet web app and then spoof their windows credentials and pass it to the intranet? Do I need to recreate all the user profiles based on the forms authentication data source?
Is this what are you looking for .. http://grounding.co.za/blogs/brett/archive/2008/01/09/setting-up-dual-authentication-on-windows-sharepoint-services-3-0-forms-and-ntlm.aspx ?
See ya
I've been trying to accomplish the same thing, with exactly the same problem - the "forms-authenticated-me" is not the same as the "windows-authenticated-me" to sharepoint, and I can't see how to map the two.
After a lot of frustrating efforts, I think I've finally realized it's not possible. In retrospect, this isn't too surprising.
here's an excerpt from http://msdn.microsoft.com/en-us/library/bb975136.aspx (my emphasis added)...
Deciding to Use Forms Authentication
Some organizations want to use Windows
users and groups in SharePoint
Products and Technologies, but enter
credentials via forms authentication.
Before using forms authentication,
determine why to use forms
authentication in the first place:
What is the business driver? If user
accounts are stored in a location
other than an Active Directory domain
controller, or if Active Directory is
not available in a particular
environment, using forms
authentication with a membership
provider is a good choice. But if you
want to force logon only via forms
authentication, but still use Windows
and all of the integrated features it
provides, you should consider an
alternative such as publishing the
SharePoint site with Microsoft
Internet Security and Acceleration
(ISA) Server 2006. ISA Server 2006
allows users to log on by using a
forms authentication Web form, but
treats them like Windows users after
authentication. This implementation
provides a more consistent and
compelling experience for end users.
You can set up the Forms Authentication to use the Active Directory Forms Authentication provider. You'll get the best of both worlds.
The login prompt will be the Forms Authentication prompt that you want, but the profile and login info will come from Active Directory.
Follow these instructions to configure the provider:
How To: Use Forms Authentication with Active Directory